In compliance with the new GDPR regulations, we would like to take this opportunity to inform you of our new data protection procedures now in place, and how these will affect the protection of your data.
Who we are:
Marcin Dochnal, Roots Health, IČO: 088 026 29, with address at Urbánkova 3364/55, Praha 4 Modřany, 143 00, registered at Town Hall of Prague 2 - Náměstí Míru 600/20, Praha 2 – Vinohrady, 120 00, email address: email@example.com. In the following document as „the administrator“ for the purposes of processing your personal data.
We provide Chiropractic and other health services. Treatments are carried out in accordance with the European Chiropractor‘s Union „Code of Good Practice“ https://chiropractic-ecu.org/wp-content/uploads/2017/02/Code-of-Good-Practice-ECU.pdf.
Data Protection Controller:
As we record and use sensitive health data, we take the protection of this data very seriously. We have a Data Protection Controller who is your first point of contact for any matters regarding your personal data that we process.
The ways they can be contacted:
Telephone: +420 733 304 524
Address: U Havlíčkových sadů 422/1, Praha 2 Vinohrady, 120 00
The personal data we process and what we do with it:
We record and use the following categories of personal data: title and whole name; marital status; a number of kids; address; telephone numbers; email address; date of birth; health information including medical history, diagnosis and treatment data.
Our lawful basis of processing this data is one of consent and legitimate interest in collecting the data because without it we couldn’t do our job effectively and safely. In addition, we will only examine or treat you with your explicit consent.
We store your data partly on paper and partly electronically. Information stored on paper are stored in lockable storage and electronic systems are protected by passwords. We don´t do carry any extra copies unless you through and provide consent.
We will never share your data with anyone who does not need access, however, we will be passing your personal data onto selected third parties who manage our diary and communication systems. These are Wix, Mailchimp, Jane Software inc, Alphabet inc.
Retaining your personal data:
Whilst you are receiving treatment from our clinic we will continue to store and use your personal data.
Once you have been discharged, we will retain your personal data for a minimum of 8 years (or age 25, if this is longer); after this, you may ask us to delete your records if you wish.
As we process your personal data, you have certain rights. You can use this right by contacting our Data Protection Controller. These rights are:
The right of access to your personal information
A right of rectification of your personal information
A right to restrict processing of your personal information - This is a temporary restriction for concrete information proceeding.
A right to cancel your consent - You can cancel your given consent anytime. However, this cancellation will not affect the processing of your information done before this cancellation.
A right of erasure - We can erasure your personal information after your request and cancellation of the consent in the information are not being used and we have no legal reason for its continued processing.
In the event that you wish to make a complaint about how your personal data is being processed by Roots Health, you have the right to complain to our Data Protection Controller. If you do not get a response within 30 days, you can complain to the ECU.
You may request a copy of your data at any time. Please make such a request in writing or by email directly to the Data Protection Controller at firstname.lastname@example.org. Please provide the following information: your name, address, telephone number, email address and details of the information you require. We will need to verify your identity so we may ask for a copy of your passport, driving licence and/or recent utility bill.
If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact your clinic directly and any necessary corrections to your data will be made promptly. Furthermore, if you believe we should erase your data, please contact the Data Protection Controller at email@example.com.
We reserve the right to change our Privacy Notice at any time and encourage you to check it regularly.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the details of who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Automated decision making and profiling:
We do not use any system which uses automated decision making or profiling in respect of your personal data.